This is a blog about the future of digital media law from Laurence Kaye. Laurence runs Laurence Kaye Consulting Limited (click here), bringing insight an clarity to the complexities of the digital world.

June 29, 2011

if you're an email subscriber to my Blog, you may have picked this up already, But if not, I wanted to share some exciting news with you about about Laurence Kaye Solicitors.

My team and I have been busy over the last two years working for Pottermore. In case you have been asleep for the last week, it was announced on YouTube and at a press conference last week, that Pottermore is bringing J.K. Rowling's Harry Potter stories online, with a rich experiential site, featuring new content from the author, user contributed content, and an exclusive online store for her e-books and audio books. It launches to all Internet users in October, though some will get a chance to get in early beforehand from July.

As you can imagine, the Pottermore site is already receiving millions of hits - numbers that the rest of us can only dream of!

We're very proud to be the main lawyers that worked on the experiential site. Follow the owls!

June 28, 2011

I attended a Roundtable Discussion with Professor Hargreaves and Baroness Wilcox (IP Minister) last week, hosted by IPPR, to discuss the Hargreaves Report - "Digital Opportunity - a Review of Intellectual Property and Growth."

One of the main topics discussed was the Report's 'big idea', the proposal to create a Digital Copyright Exchange (“DCE”). It's undoubtedly the ‘Digital Opportunity’, the means to unlock the UK’s creative industries’ economic potential and to solve the problems of rights clearances which so often get copyright law a bad press.

Hargreaves is right in the sense that the marriage of copyright and technology to automate the ways in which copyright works are located and cleared, and permissions for use communicated to users, is not simply convenient in the 21st century. Automated licensing is essential and the Report paints a clear picture of the benefits for creators, intermediary rights holders, consumers and users.

So Hargreaves certainly has high hopes for the DCE. “The prize is to build on the UK’s current competitive advantage in creative content to become a leader in licensing services for global content markets; in short to make the UK the best place in the world to do business in digital content.”

But what exactly is the DCE? Is it a virtual content megastore or exchange in UK cyberspace for rights owners, traders and users to trade or is it more of a brand name to describe a collection of rights registries and rights databases across the Internet?

Professor Hargreaves and his team have, I think, deliberately not been prescriptive. So the answer I believe is that the DCE is a mixture of both. The Report states: “The aim is to establish a network of interoperable databases to provide a common platform for licensing transaction.” The magic word is “interoperable”.

The key to understanding the DCE is to realise that many of the elements needed to automate licensing already exist, based on a variety of technical standards developed by the music, film, publishing and other sectors of the creative industries. There are digital identifiers to identify works which can persist across the network such as the DOI and EIDR which emerged from the publishing and audio-visual industries respectively. In addition, rights registries to record the often-multiple numbers of owners in works, such as the Global Repertoire for Musical Works, already exist or are emerging from different industry sectors. In addition, we also have well established formats such as XML for communicating permissions so that when users clicks an on-screen icon they can see what they can and can’t do with the material.

The challenge which the DCE encapsulates is to pull all this together into a working, interoperable whole. This needs vision and drive to harness on-going technical work which is needed so that all the disparate databases of rights information and copyright works of all kinds can communicate with each other on a cross-industry, global basis and respond to the machine-enabled requests of all rights intermediaries and users.

Hargreaves does not volunteer the Government for the job of creating the DCE – “That way lies a nightmare of IT procurement followed by the birth of a white elephant”. Rather, Hargreaves sees the Government as a convenor of all the relevant interests. That said, the Report suggests some incentives to explore such as making the sanctions under the Digital Economy Act apply only to infringements involving works available through the DCE.

I am not sure about that. If the DCE is to come about, it will need huge effort on behalf of all the participants in the creative industries and this will need to be driven by voluntary commercial and creative incentives.

Above all, making the ‘DCE’ a reality, in the broader sense of a network of interconnected, intra-communicating rights registries, content databases, will need to be an international effort, based on internationally accepted technical standards. For the UK, this means seizing the opportunity to play a leading role in Europe, as part of the European Commission’s Digital Agenda to bring this about.

Certainly, there are also opportunities for UK commercial entities, public institutions, public/private partnerships and collecting societies to build the servers and to deliver the services to unleash the potential of our creative industries. In that sense, there can be lots of DCE’s. The key thing is that they can all communicate with each other and with everyone in the copyright chain, from creators, producers and intermediaries to the citizen and consumer.

So well done Professor Hargreaves for articulating this vision. Let’s get to work.

June 07, 2011

My colleague Sherif Malak has been munching his way through the subject of cookies. We hope you'll find this helpful!

If you’ve sorted through the flurry of guidance and commentary thrown up over the last couple of weeks concerning the UK’s implementation of the changes to the e-Privacy Directive, you would be forgiven for feeling slightly bewildered. As a certain fuzzy blue Sesame Street character might say, “it’s all about the cookie.” The exact type being a small file that is sent to and stored on a user’s terminal (normally through their internet browser) when they access a website. The information in the cookie can then later be read by the website server.

These online cookies, like their culinary counterparts, come in a variety of flavours – temporary, persistent, third party - and carry out a variety of different functions – verification, authentication, analytics, behavioural tracking. The new rules apply to all of them and the UK’s implementation of the amendments to the EU e-Privacy directive, which recently came into effect on 26 May 2011, has already been met with a great deal of controversy. So what are the new rules, why such controversy and where do website providers stand in light of them?

The new rules change the previous ‘informed opt-out’ arrangement to an ‘informed opt-in’ regime i.e. except for cookies that are “strictly necessary” for the service requested by a user, web site providers must obtain users’ consent whenever they wish to store or access cookies on their machines.

But what is consent? The operative provisions are quite ambiguous, in part because the European Parliament, only managed to get wording that consent was neither ‘explicit’ nor ‘prior consent’ into the recitals and not the operative provisions of the Directive. The situation wasn’t helped by the Article 29 Working Party’s view advocating prior, specific, informed opt-in based consent.

In its implementation, the UK Government has included part of the recitals to the Directive, the infamous ‘Recital 66’, in the operative provisions of the implementing Regulations which, under 3A state that “consent may be signified by a subscriber who amends or sets controls on the internet browser.” But hopes that website providers could rely on users’ browser preferences were dashed when DCMS announced in its April open letter that current browser settings would be unlikely to be sufficient to provide consent as things stand. Whilst the Government will be looking to work with browser manufacturers in the near future to improve their privacy settings so that providers can rely on such settings, in the meantime consent has to be sought in some other manner. The DCMS made clear however, that where consent for cookies is concerned, the Directive does not use the word ‘prior’ did not “preclude a regulatory approach that recognises that in certain circumstances it is impracticable to obtain consent prior to processing.”

So where does that leave things? Cue the ICO with new guidance and on the eve before the Regulations take effect, the somewhat inelegant implementation of the rules for its own website leaving website developers shivering at the thought of having to use pop up consent boxes that ominously state “One of the cookies we use is essential for parts of the site to operate and has already been set.”

I won’t go through the ICO guidance here as it is clearly written, however it does leave many questions unanswered, including what providers should do where third party cookies are concerned. And what of cookies originally set as a first party cookie but subsequently read in a third party context? Cookies that are highly privacy intrusive cookies are likely to need prior consent but what exactly is needed for cookies that aren’t strictly necessary but are not privacy intrusive? Where prior consent may not be needed, is prominent notice enough?

Despite this ambiguity , I don’t think all this should be too much cause for concern at the moment. The ICO has made clear that it will provide organisations with a grace period of 1 year to comply with the new rules. Although they must show that they are “taking steps” to comply, the aesthetically displeasing ICO implementation surely indicates that the solution to obtaining consent for cookies is one that lies with the underlying browsing technology, whether that be “browsers” as we know them today or the soon to be commonplace ‘in-App’ browsing functionality on smartphones. Older browsers might require a separate approach but as web developers adopt new technology, such as HTML5, such exceptions will become far less of a problem. Indeed, Google has already announced that it will phasing out support for older browsers from 1 August.

Although what the new rules require may still be a little grey, one thing is quite clear: software developers are now on notice – technology is a clear favourite to this legal ‘problem’. Cookie settings must be built into code and in anticipation of clear demand for such features, there’s no reason why this new breed of software won’t be with us by the time the ICO grace period expires.